예제 #1
0
class StartResponseWrapper(object):
    def __init__(self, start_response):
        self.start_response = start_response
        self.status = None
        self.headers = []
        self.exc_info = None
        self.buffer = StringIO()
        # A WSGI app may delay calling start_response until the first iteration
        # of its generator.  We track this so we know whether or not we need to
        # trigger an iteration before examining the response.
        self.called = False

    def wrap_start_response(self, status, headers, exc_info=None):
        self.headers = headers
        self.status = status
        self.exc_info = exc_info
        # The response has been initiated, so we have a valid code.
        self.called = True
        return self.buffer.write

    def finish_response(self, extra_headers):
        if not extra_headers:
            extra_headers = []
        headers = self.headers + extra_headers
        write = self.start_response(self.status, headers, self.exc_info)
        if write:
            self.buffer.seek(0)
            value = self.buffer.getvalue()
            if value:
                write(value)
            if hasattr(write, "close"):
                write.close()
예제 #2
0
class StartResponseWrapper(object):
    def __init__(self, start_response):
        self.start_response = start_response
        self.status = None
        self.headers = []
        self.exc_info = None
        self.buffer = StringIO()
        # A WSGI app may delay calling start_response until the first iteration
        # of its generator.  We track this so we know whether or not we need to
        # trigger an iteration before examining the response.
        self.called = False

    def wrap_start_response(self, status, headers, exc_info=None):
        self.headers = headers
        self.status = status
        self.exc_info = exc_info
        # The response has been initiated, so we have a valid code.
        self.called = True
        return self.buffer.write

    def finish_response(self, extra_headers):
        if not extra_headers:
            extra_headers = []
        headers = self.headers + extra_headers
        write = self.start_response(self.status, headers, self.exc_info)
        if write:
            self.buffer.seek(0)
            value = self.buffer.getvalue()
            if value:
                write(value)
            if hasattr(write, 'close'):
                write.close()
예제 #3
0
 def __init__(self, start_response):
     self.start_response = start_response
     self.status = None
     self.headers = []
     self.exc_info = None
     self.buffer = StringIO()
     # A WSGI app may delay calling start_response until the first iteration
     # of its generator.  We track this so we know whether or not we need to
     # trigger an iteration before examining the response.
     self.called = False
예제 #4
0
    def test_finish_response(self):
        from repoze.who._compat import StringIO
        statuses = []
        headerses = []
        datases = []
        closededs = []

        def write(data):
            datases.append(data)

        def close():
            closededs.append(True)

        write.close = close

        def start_response(status, headers, exc_info=None):
            statuses.append(status)
            headerses.append(headers)
            return write

        wrapper = self._makeOne(start_response)
        wrapper.status = '401 Unauthorized'
        wrapper.headers = [('a', '1')]
        wrapper.buffer = StringIO('written')
        extra_headers = [('b', '2')]
        result = wrapper.finish_response(extra_headers)
        self.assertEqual(result, None)
        self.assertEqual(headerses[0], wrapper.headers + extra_headers)
        self.assertEqual(statuses[0], wrapper.status)
        self.assertEqual(datases[0], 'written')
        self.assertEqual(closededs[0], True)
예제 #5
0
 def test_authenticate_nocreds(self):
     from repoze.who._compat import StringIO
     io = StringIO()
     plugin = self._makeOne(io, None)
     environ = self._makeEnviron()
     creds = {}
     result = plugin.authenticate(environ, creds)
     self.assertEqual(result, None)
예제 #6
0
 def __init__(self, start_response):
     self.start_response = start_response
     self.status = None
     self.headers = []
     self.exc_info = None
     self.buffer = StringIO()
     # A WSGI app may delay calling start_response until the first iteration
     # of its generator.  We track this so we know whether or not we need to
     # trigger an iteration before examining the response.
     self.called = False
예제 #7
0
 def test_parse_empty_file(self):
     from repoze.who._compat import StringIO
     config = self._makeOne()
     config.parse(StringIO())
     self.assertEqual(config.request_classifier, None)
     self.assertEqual(config.challenge_decider, None)
     self.assertEqual(config.remote_user_key, 'REMOTE_USER')
     self.assertEqual(len(config.plugins), 0)
     self.assertEqual(len(config.identifiers), 0)
     self.assertEqual(len(config.authenticators), 0)
     self.assertEqual(len(config.challengers), 0)
     self.assertEqual(len(config.mdproviders), 0)
예제 #8
0
    def test_authenticate_badline(self):
        from repoze.who._compat import StringIO
        io = StringIO('badline\nchrism:pass')

        def check(password, hashed):
            return True

        plugin = self._makeOne(io, check)
        environ = self._makeEnviron()
        creds = {'login': '******', 'password': '******'}
        result = plugin.authenticate(environ, creds)
        self.assertEqual(result, 'chrism')
예제 #9
0
 def _makeEnviron(self, path_info='/', identifier=None):
     from repoze.who._compat import StringIO
     if identifier is None:
         credentials = {'login': '******', 'password': '******'}
         identifier = DummyIdentifier(credentials)
     content_type, body = encode_multipart_formdata()
     environ = {
         'wsgi.version': (1, 0),
         'wsgi.input': StringIO(body),
         'wsgi.url_scheme': 'http',
         'SERVER_NAME': 'www.example.com',
         'SERVER_PORT': '80',
         'CONTENT_TYPE': content_type,
         'CONTENT_LENGTH': len(body),
         'REQUEST_METHOD': 'POST',
         'repoze.who.plugins': {
             'cookie': identifier
         },
         'QUERY_STRING': 'default=1',
         'PATH_INFO': path_info,
     }
     return environ
예제 #10
0
    def parse(self, text):
        if getattr(text, 'readline', None) is None:
            text = StringIO(text)
        cp = ConfigParser(defaults={'here': self.here})
        try:
            cp.read_file(text)
        except AttributeError:  #pragma NO COVER Python < 3.0
            cp.readfp(text)

        for s_id in [x for x in cp.sections() if x.startswith('plugin:')]:
            plugin_id = s_id[len('plugin:'):]
            options = dict(cp.items(s_id))
            if 'use' in options:
                name = options.pop('use')
                del options['here']
                obj = self._makePlugin(name, IPlugin, options)
                self.plugins[plugin_id] = obj

        if 'general' in cp.sections():
            general = dict(cp.items('general'))

            rc = general.get('request_classifier')
            if rc is not None:
                rc = self._getPlugin(rc, IRequestClassifier)
            self.request_classifier = rc

            cd = general.get('challenge_decider')
            if cd is not None:
                cd = self._getPlugin(cd, IChallengeDecider)
            self.challenge_decider = cd

            ru = general.get('remote_user_key')
            if ru is not None:
                self.remote_user_key = ru

        if 'identifiers' in cp.sections():
            identifiers = dict(cp.items('identifiers'))
            self._parsePluginSequence(
                self.identifiers,
                identifiers['plugins'],
                IIdentifier,
            )

        if 'authenticators' in cp.sections():
            authenticators = dict(cp.items('authenticators'))
            self._parsePluginSequence(
                self.authenticators,
                authenticators['plugins'],
                IAuthenticator,
            )

        if 'challengers' in cp.sections():
            challengers = dict(cp.items('challengers'))
            self._parsePluginSequence(
                self.challengers,
                challengers['plugins'],
                IChallenger,
            )

        if 'mdproviders' in cp.sections():
            mdproviders = dict(cp.items('mdproviders'))
            self._parsePluginSequence(
                self.mdproviders,
                mdproviders['plugins'],
                IMetadataProvider,
            )
예제 #11
0
def make_test_middleware(app, global_conf):
    """ Functionally equivalent to

    [plugin:redirector]
    use = repoze.who.plugins.redirector.RedirectorPlugin
    login_url = /login.html

    [plugin:auth_tkt]
    use = repoze.who.plugins.auth_tkt:AuthTktCookiePlugin
    secret = SEEKRIT
    cookie_name = oatmeal

    [plugin:basicauth]
    use = repoze.who.plugins.basicauth.BasicAuthPlugin
    realm = repoze.who

    [plugin:htpasswd]
    use = repoze.who.plugins.htpasswd.HTPasswdPlugin
    filename = <...>
    check_fn = repoze.who.plugins.htpasswd:crypt_check

    [general]
    request_classifier = repoze.who.classifiers:default_request_classifier
    challenge_decider = repoze.who.classifiers:default_challenge_decider

    [identifiers]
    plugins = authtkt basicauth

    [authenticators]
    plugins = authtkt htpasswd

    [challengers]
    plugins = redirector:browser basicauth
    """
    # be able to test without a config file
    from repoze.who.plugins.basicauth import BasicAuthPlugin
    from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
    from repoze.who.plugins.redirector import RedirectorPlugin
    from repoze.who.plugins.htpasswd import HTPasswdPlugin

    io = StringIO()
    for name, password in [("admin", "admin"), ("chris", "chris")]:
        io.write("%s:%s\n" % (name, password))
    io.seek(0)

    def cleartext_check(password, hashed):
        return password == hashed  # pragma NO COVERAGE

    htpasswd = HTPasswdPlugin(io, cleartext_check)
    basicauth = BasicAuthPlugin("repoze.who")
    auth_tkt = AuthTktCookiePlugin("secret", "auth_tkt")
    redirector = RedirectorPlugin("/login.html")
    redirector.classifications = {IChallenger: ["browser"]}  # only for browser
    identifiers = [("auth_tkt", auth_tkt), ("basicauth", basicauth)]
    authenticators = [("htpasswd", htpasswd)]
    challengers = [("redirector", redirector), ("basicauth", basicauth)]
    mdproviders = []
    from repoze.who.classifiers import default_request_classifier
    from repoze.who.classifiers import default_challenge_decider

    log_stream = None
    import os

    if os.environ.get("WHO_LOG"):
        log_stream = sys.stdout
    middleware = PluggableAuthenticationMiddleware(
        app,
        identifiers,
        authenticators,
        challengers,
        mdproviders,
        default_request_classifier,
        default_challenge_decider,
        log_stream=log_stream,
        log_level=logging.DEBUG,
    )
    return middleware
예제 #12
0
def make_test_middleware(app, global_conf):
    """ Functionally equivalent to

    [plugin:redirector]
    use = repoze.who.plugins.redirector.RedirectorPlugin
    login_url = /login.html

    [plugin:auth_tkt]
    use = repoze.who.plugins.auth_tkt:AuthTktCookiePlugin
    secret = SEEKRIT
    cookie_name = oatmeal

    [plugin:basicauth]
    use = repoze.who.plugins.basicauth.BasicAuthPlugin
    realm = repoze.who

    [plugin:htpasswd]
    use = repoze.who.plugins.htpasswd.HTPasswdPlugin
    filename = <...>
    check_fn = repoze.who.plugins.htpasswd:crypt_check

    [general]
    request_classifier = repoze.who.classifiers:default_request_classifier
    challenge_decider = repoze.who.classifiers:default_challenge_decider

    [identifiers]
    plugins = authtkt basicauth

    [authenticators]
    plugins = authtkt htpasswd

    [challengers]
    plugins = redirector:browser basicauth
    """
    # be able to test without a config file
    from repoze.who.plugins.basicauth import BasicAuthPlugin
    from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
    from repoze.who.plugins.redirector import RedirectorPlugin
    from repoze.who.plugins.htpasswd import HTPasswdPlugin
    io = StringIO()
    for name, password in [('admin', 'admin'), ('chris', 'chris')]:
        io.write('%s:%s\n' % (name, password))
    io.seek(0)

    def cleartext_check(password, hashed):
        return password == hashed  #pragma NO COVERAGE

    htpasswd = HTPasswdPlugin(io, cleartext_check)
    basicauth = BasicAuthPlugin('repoze.who')
    auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt')
    redirector = RedirectorPlugin('/login.html')
    redirector.classifications = {IChallenger: ['browser']}  # only for browser
    identifiers = [
        ('auth_tkt', auth_tkt),
        ('basicauth', basicauth),
    ]
    authenticators = [('htpasswd', htpasswd)]
    challengers = [('redirector', redirector), ('basicauth', basicauth)]
    mdproviders = []
    from repoze.who.classifiers import default_request_classifier
    from repoze.who.classifiers import default_challenge_decider
    log_stream = None
    import os
    if os.environ.get('WHO_LOG'):
        log_stream = sys.stdout
    middleware = PluggableAuthenticationMiddleware(app,
                                                   identifiers,
                                                   authenticators,
                                                   challengers,
                                                   mdproviders,
                                                   default_request_classifier,
                                                   default_challenge_decider,
                                                   log_stream=log_stream,
                                                   log_level=logging.DEBUG)
    return middleware